Re: [dmarc-ietf] ARC Multi Proposal

"John R Levine" <johnl@taugh.com> Tue, 06 November 2018 03:08 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/XWR9-QjQBVUfSpYUzZIBHDS2Mng>

On Mon, 5 Nov 2018, Brandon Long wrote:
> If it does work, I'd be surprised.  Most likely, it'll fail validation
> prior to full parsing (we extract the i= first, and only fully parse all
> the k=v pairs later).
>
> Also, does that mean you have to use the same algorithm in both the AMS and
> AS for a given instance?  And how does that correspond to an AAR which
> doesn't have an algorithm... and how does that work with the AS signing
> previous headers, does it only sign the ones with matching algorithm?

That's in my draft.  Each chain of seals uses a single algorithm, so the 
AS and AMS algos all have to match.  There's no signature in the AAR so 
it's shared between multiple seals in the same instance.  You're only 
allowed to seal the longest chain(s) so if the longest chain uses an 
algorithm you don't understand, it fails.

> I'd be a bit surprised if all of those caveats are correctly matched in the
> original arc spec.

No kidding.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
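
A structural sketch of the chain rule described in the message above, added here as an example; it is not code from the draft or from any ARC implementation. It assumes a chain for an algorithm is the run of instances starting at i=1 that carry an AAR plus both an AS and an AMS with that `a=` value, reads "it fails" as "no longest chain uses a supported algorithm", and does no signature verification; the header values and function names are constructed.

```python
from collections import defaultdict

KIND = {"ARC-Seal": "AS", "ARC-Message-Signature": "AMS"}

# Constructed sample (signature data elided; not taken from a real message).
# Instance 1 is sealed with two algorithms; instance 2 completely with only one.
SAMPLE = [
    ("ARC-Authentication-Results", "i=1; mx.example; dkim=pass"),
    ("ARC-Message-Signature", "i=1; a=rsa-sha256; d=example; b=..."),
    ("ARC-Seal", "i=1; a=rsa-sha256; cv=none; d=example; b=..."),
    ("ARC-Message-Signature", "i=1; a=ed25519-sha256; d=example; b=..."),
    ("ARC-Seal", "i=1; a=ed25519-sha256; cv=none; d=example; b=..."),
    ("ARC-Authentication-Results", "i=2; list.example; arc=pass"),
    ("ARC-Message-Signature", "i=2; a=ed25519-sha256; d=list.example; b=..."),
    ("ARC-Seal", "i=2; a=ed25519-sha256; cv=pass; d=list.example; b=..."),
    ("ARC-Seal", "i=2; a=rsa-sha256; cv=pass; d=list.example; b=..."),  # no matching AMS
]

def tags(value):
    """Parse a 'k=v; k=v' tag list; parts without '=' are ignored."""
    out = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            out.setdefault(key.strip(), val.strip())
    return out

def chain_lengths(fields):
    """Return {algorithm: chain length}. The AAR has no a= tag, so one AAR
    per instance is shared by every algorithm's seal at that instance."""
    aar = set()
    seen = defaultdict(lambda: defaultdict(set))  # instance -> algo -> {"AS", "AMS"}
    for name, value in fields:
        t = tags(value)
        if name == "ARC-Authentication-Results":
            aar.add(int(t["i"]))
        else:
            seen[int(t["i"])][t["a"]].add(KIND[name])
    lengths = {}
    for algo in {a for per in list(seen.values()) for a in per}:
        n = 0
        # AS and AMS must both use this algorithm, with no gap from i=1.
        while (n + 1) in aar and seen[n + 1][algo] == {"AS", "AMS"}:
            n += 1
        lengths[algo] = n
    return lengths

def sealable_algorithms(fields, supported):
    """Return (longest length, algorithms of longest chains we can extend).
    An empty list means the longest chain(s) cannot be sealed: failure."""
    lengths = chain_lengths(fields)
    longest = max(lengths.values(), default=0)
    top = sorted(a for a, n in lengths.items() if n == longest and n > 0)
    return longest, [a for a in top if a in supported]
```

With the sample, a sealer that only understands `rsa-sha256` gets an empty list, because the longest chain is the two-instance `ed25519-sha256` one and the shorter `rsa-sha256` chain may not be extended.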